luadbi icon indicating copy to clipboard operation
luadbi copied to clipboard
verified publisher icon mwild1

Support SSL connection options

Open abeluck opened this issue 7 years ago • 2 comments

Both postgresql and mysql support SSL connections and have various options that need to be supplied by the client. Presumably Oracle does too.

  • Postgres options: https://www.postgresql.org/docs/9.6/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS
  • Mysql options https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html

We would love to be able to connect our prosody instance to a remote database server over SSL.

abeluck avatar Mar 27 '18 14:03 abeluck

Since each provider has its own ssl semantics, I wonder if the best approach is to abstract and provide some sort of common ssl opts interface. But then what about other reasonable provider-specific opts that users might want implemented?

Maybe instead a strategy would be to have a generic config hash that can be plumbed down so each driver can be their own special snowflake.

abeluck avatar Mar 27 '18 14:03 abeluck

It turns out in the postgres case that you can actually connect with SSL certs by providing a conninfo string to the database parameter like:

// in lua
database = "sslmode=require host=10.34.0.3 dbname=actual_databae_name;

"If the dbName contains an = sign or has a valid connection URI prefix, it is taken as a conninfo string" https://www.postgresql.org/docs/9.6/static/libpq-connect.html

Then in /var/lib/prosody/.postgresql/ you place your ca cert and client keypair.

There are tons of options/flags you can add to a conninfo string: https://www.postgresql.org/docs/9.6/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS

So maybe this is just a documentation issue?

abeluck avatar Mar 28 '18 16:03 abeluck